General
Target: RECEIPT.zip
Size: 1.8MB
Sample: 220613-v793dshfgk
MD5: 8a24e0d06efc612ccc2415d8c016bccc
SHA1: 7e4a4fce1148a87f3d857fe8af5fbbb95b68deb2
SHA256: c3c8d337313ba9ba442de6db900bf5a1c95373450a907d011ca319908d921057
SHA512: aa98a0be5ddf5cdd2b9215271724d8b50d96a1e5a1c80e586638d7746cb2ac84a9046fd5f15cdcaa5ce647d043163ae601a08bb85170eef5564ab1adfec5b020

Static task: static1

Behavioral task: behavioral1
Sample: R0DJFF6DH_ETRANSFER_RECEIPT.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: R0DJFF6DH_ETRANSFER_RECEIPT.exe
Resource: win10v2004-20220414-en

Malware Config
Extracted: bitrat 1.38
bitrat9300.duckdns.org:9300
communication_password: e10adc3949ba59abbe56e057f20f883e
tor_process: tor

Targets
Target: R0DJFF6DH_ETRANSFER_RECEIPT.exe
Size: 300.0MB
MD5: 226fb5752aa6f88a83ff3b5fd793ed3e
SHA1: e47d89197c492285ed0e21ba88d8c6dc57b53b28
SHA256: b7bc9c6c715db6abe6707205e70f685422aedf9c881beda92fff27a4fafdc4cb
SHA512: 7cf758e2846db04570cb00731a629d9fe282c5fd39c3b50e2238209e2341c4aa10944ed81d9971a8db475fd421d90aaec0b59722be522706dccf482eae138156
Executes dropped EXE
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext